CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1122290 matches found

WordPress iQ Block Country <=1.2.11 - Cross-Site Scripting

WordPress iQ Block Country plugin 1.2.11 and prior contains a cross-site scripting vulnerability. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and...

5.5CVSS6.2AI score0.01821EPSS

Exploits0References5

Nuclei•added yesterday•17 views

ManageEngine Firewall Analyzer 7.2 - Cross-Site Scripting

Multiple cross-site scripting vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the 1 subTab or 2 tab parameter to createAnomaly.do; 3 url, 4 subTab, or 5 tab parameter to mindex.do; 6 tab parameter to index2.do; or 7 port...

4.3CVSS5.8AI score0.03632EPSS

Exploits1References5

Nuclei•added yesterday•23 views

WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting

A cross-site scripting vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page. id: CVE-2012-4242 info: name: WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting author:...

4.3CVSS5.8AI score0.06071EPSS

Exploits3References4

Nuclei•added yesterday•17 views

GTranslate < 2.8.65 - Cross-Site Scripting

In the Pro and Enterprise versions of GTranslate 2.8.65, the gtranslaterequesturivar function runs at the top of all pages and echoes out the contents of $SERVER'REQUESTURI'. Although this uses addslashes, and most modern browsers automatically URLencode requests, this plugin is still vulnerable ...

6.1CVSS6.3AI score0.02674EPSS

Exploits2References2

Nuclei•added yesterday•18 views

WordPress Car Repair Services & Auto Mechanic Theme <4.0 - Cross-Site Scripting

WordPress Car Repair Services & Auto Mechanic before 4.0 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the serviceestimatekey parameter before outputting it back in the page. id: CVE-2021-24335 info: name: WordPress Car Repair Services & Auto Mechanic Them...

6.1CVSS6.2AI score0.45442EPSS

Exploits2References5

Nuclei•added yesterday•20 views

Paid Memberships Pro < 2.6.6 - Cross-Site Scripting

The Paid Memberships Pro WordPress plugin before 2.6.6 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting id: CVE-2021-24979 info: name: Paid Memberships Pro 2.6.6 - Cross-Site Scripting author: r3Y3r53 severity:...

6.1CVSS6.4AI score0.0269EPSS

Exploits2References3

Nuclei•added yesterday•25 views

DokuWiki - Cross-Site Scripting

DokuWiki through 2017-02-19b contains a cross-site scripting vulnerability in the DATEAT parameter to doku.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

6.1CVSS6.9AI score0.01334EPSS

Exploits1References3

Nuclei•added yesterday•39 views

Cherokee HTTPD <=0.5 - Cross-Site Scripting

Cherokee HTTPD 0.5 and earlier contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated. id: CVE-2006-1681 info:...

4.3CVSS5.8AI score0.0041EPSS

Exploits1References4

Nuclei•added yesterday•21 views

Magento Server Mass Importer - Cross-Site Scripting

Magento Server Mass Importer plugin contains multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via the 1 profile parameter to web/magmi.php or 2 QUERYSTRING to web/magmiimportrun.php. id: CVE-2015-2068 info: name: Magento Server Mass...

4.3CVSS5.8AI score0.01944EPSS

Exploits1References4

Nuclei•added yesterday•11 views

WordPress sourceAFRICA <=0.1.3 - Cross-Site Scripting

WordPress sourceAFRICA plugin version 0.1.3 contains a cross-site scripting vulnerability. id: CVE-2015-6920 info: name: WordPress sourceAFRICA =0.1.3 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress sourceAFRICA plugin version 0.1.3 contains a cross-site scripting...

4.3CVSS5.6AI score0.00306EPSS

Exploits1References4

Nuclei•added yesterday•15 views

WordPress Admin Font Editor <=1.8 - Cross-Site Scripting

WordPress Admin Font Editor plugin indexisto 1.8 and before contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

6.1CVSS6.5AI score0.06584EPSS

Exploits2References5

Nuclei•added yesterday•48 views

Fortinet FortiOS < 5.6.0 - Cross-Site Scripting

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN. id: CVE-2017-3133 info: name: Fortinet FortiOS 5.6.0 - Cross-Site Scripting author: ritikchaddha severity:...

6.1CVSS6.5AI score0.0869EPSS

Exploits5References2

Nuclei•added yesterday•19 views

WP Planet <= 0.1 - Cross-Site Scripting

A cross-site scripting vulnerability in rss.class/scripts/magpiedebug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter. id: CVE-2014-4592 info: name: WP Planet = 0.1 - Cross-Site Scripting author:...

6.1CVSS6.4AI score0.03802EPSS

Exploits2References4

Nuclei•added yesterday•17 views

Frontend Uploader <= 0.9.2 - Cross-Site Scripting

The Frontend Uploader WordPress plugin prior to v.0.9.2 was affected by an unauthenticated Cross-Site Scripting security vulnerability. id: CVE-2014-9444 info: name: Frontend Uploader = 0.9.2 - Cross-Site Scripting author: daffainfo severity: medium description: The Frontend Uploader WordPress...

4.3CVSS5.8AI score0.03285EPSS

Exploits2References4

Nuclei•added yesterday•20 views

WordPress Page Layout builder v1.9.3 - Cross-Site Scripting

WordPress plugin Page-layout-builder v1.9.3 contains a cross-site scripting vulnerability. id: CVE-2016-1000141 info: name: WordPress Page Layout builder v1.9.3 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress plugin Page-layout-builder v1.9.3 contains a cross-site...

6.1CVSS6.2AI score0.06584EPSS

Exploits2References4

Nuclei•added yesterday•144 views

PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting

PKP Open Journal Systems 2.4.8 to 3.3 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary code via the X-Forwarded-Host Header. id: CVE-2022-24181 info: name: PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting author: lucasljm2001,ekrause severit...

6.1CVSS6.5AI score0.03575EPSS

Exploits3References5

Nuclei•added yesterday•30 views

WordPress Feed Them Social <3.0.1 - Cross-Site Scripting

WordPress Feed Them Social plugin before 3.0.1 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back in the page. id: CVE-2022-2383 info: name: WordPress Feed Them Social 3.0.1 - Cross-Site Scripting author: akincibor...

6.1CVSS6.2AI score0.06392EPSS

Exploits2References5

Nuclei•added yesterday•7 views

WordPress Tourfic Plugin <= 2.11.7 - Cross-Site Scripting

The Tourfic plugin for WordPress is vulnerable to Reflected Cross-Site Scripting XSS in versions up to and including 2.11.7 due to insufficient input sanitization and output escaping in the 'place' parameter. id: CVE-2024-29137 info: name: WordPress Tourfic Plugin = 2.11.7 - Cross-Site Scripting...

7.1CVSS7.2AI score0.1694EPSS

Exploits0References4

Nuclei•added yesterday•5 views

CHAOS 5.0.1 'sendCommandHandler' - Cross-Site Scripting

Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component. id: CVE-2024-31839 info: name: CHAOS 5.0.1 'sendCommandHandler' - Cross-Site Scripting author: riteshs4hu severity:...

4.8CVSS7AI score0.84642EPSS

Exploits6References2

Nuclei•added yesterday•22 views

WordPress FlatPM <3.0.13 - Cross-Site Scripting

WordPress FlatPM plugin before 3.0.13 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape certain parameters before outputting them back in pages, which can be exploited against high privilege users such as admin. An attacker can steal cookie-based authenticatio...

5.4CVSS5.9AI score0.0485EPSS

Exploits2References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by